Hardware keyloggers discovered at public libraries

Graham Cluley
Graham Cluley
@

 @grahamcluley.com
 @[email protected]

Hardware keyloggerPublic libraries in Manchester, England, have been advised to keep their eyes peeled for USB bugs after two devices were discovered monitoring every keystroke made by every user of affected PCs.

According to local media reports, the small surveillance devices were found attached to the keyboard sockets at the back of two PCs in Wilmslow and Handforth libraries.

The devices – which look similar to USB drives – capture all keyboard activity, meaning that if everything you type (such as when you log into your email, book a holiday, check your bank account or make an online purchase) can be gathered by a returning criminal for later exploitation.

BBC News report

Sign up to our free newsletter.
Security news, advice, and tips.

It’s not known how long the devices have been in place at the libraries, or what information may have been stolen, but as the affected computers are used by a wide range of people (and are frequently accessed by members of the public who may not be able to afford internet access at home) the impact could be considerable.

According to reports, staff have been advised to conduct frequent checks on computers to try to reduce the chance of hardware keyloggers being deployed again, and rules have been in put in place advising that all keyboards must be plugged in to the (more visible) front of the PC’s base unit rather than the rear.

But with human nature being what it is, and the cheap price and easy availability of hardware keyloggers in both USB and PS/2 connection forms, it’s unlikely that we’ve heard the last of similar identity thefts on public computers.

Organisations concerned about the possibility of hardware keyloggers in the business environment may wish to investigate Sophos’s SafeGuard Enterprise Configuration Protection facility.

BBC News reporter David Guest made a short video describing the threat, at one of the affected library computers.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky and Mastodon, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.